Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-27 | CVE-2023-2297 | Improper Authentication vulnerability in Cozmoslabs Profile Builder. The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 3.9.0. | 8.1 |
2023-04-25 | CVE-2022-40723 | Improper Authentication vulnerability in Pingidentity Pingfederate, Pingid Integration KIT and Radius PCV. The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | 6.5 |
2023-04-24 | CVE-2023-25131 | Improper Authentication vulnerability in Cyberpower Powerpanel 4.8.6. Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. | 9.8 |
2023-04-22 | CVE-2023-0209 | Improper Authentication vulnerability in Nvidia Sbios. NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | 7.8 |
2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi. Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
2023-04-18 | CVE-2021-40506 | Improper Authentication vulnerability in Openrisc Or1200 Firmware. An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. | 9.8 |
2023-04-18 | CVE-2021-40507 | Improper Authentication vulnerability in Openrisc Or1200 Firmware. An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. | 9.8 |
2023-04-15 | CVE-2023-2027 | Improper Authentication vulnerability in ZM Ajax Login & Register Project ZM Ajax Login & Register. The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. | 9.8 |
2023-04-14 | CVE-2023-25597 | Improper Authentication vulnerability in Mitel Micollab. A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. | 5.9 |
2023-04-14 | CVE-2022-45173 | Improper Authentication vulnerability in Liveboxcloud Vdesk. An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 9.8 |